A decades-old oversight in the design of Secure Copy Protocol (SCP) tools can be exploited by malicious servers to unexpectedly alter victims' files on their client machines, it has emerged.

F-Secure's Harry Sintonen discovered a set of five CVE-listed vulnerabilities, which can be abused by evil servers to overwrite arbitrary files on a computer connected via SCP. If you use a vulnerable version of OpenSSH's scp, PuTTY's PSCP, or WinSCP, to securely transfer files from a remote server, that server may be able to secretly tamper with files on your local box that you do not expect the server to change.

Threat - SCP - Server - Files - Txt

It's a subtle threat because a malicious SCP server can vandalize any files you fetch. After all, if you download ~/example.txt, the received data may be modified just before transit by a malicious server. The key thing here, though, is that a malicious SCP server can alter files on your local machine other than the ones you fetched, or change access permissions, or download extra documents.

Sintonen explained that because rcp, on which scp is based, allows a server to control which files are sent, and without the scp client thoroughly checking it's getting its expected objects, an attacker can do things like overwrite the user's .bash_aliases file. This, in turn, would allow the attacker to run arbitrary commands on the victim's box...